The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.

AZ-900 Question 421

Exam Question

Your company is planning on developing new software applications, deploying new virtual machines, and implementing Microsoft 365. Your company plans on using the Platform as a Service (PaaS) model. Which of the following are advantages in a PaaS model? (Choose three.)

A. Users can customize vendor’s development tools
B. This is the most flexible cloud model.
C. Users have no Capital Expenditure or Expenses (CapEx).
D. Users do not need to configure servers for running applications.

Correct Answer

A. Users can customize vendor’s development tools
C. Users have no Capital Expenditure or Expenses (CapEx).
D. Users do not need to configure servers for running applications.

Explanation

The following are advantages in a PaaS model:
Platform as a Service (PaaS) provides a company with an environment for developing, running, debugging, testing, patching, and deploying software applications. PaaS allows you to quickly create an application without having to worry about managing the underlying infrastructure. PaaS eliminates the need to install an operating system, web server, server patches, or other infrastructure to create applications. PaaS creates a complete deployment environment in the cloud that has tools to deliver simple cloud-based apps or sophisticated cloud-enabled enterprise applications. Platform as a Service provides some additional benefits:
Platform as a Service has platform limitations. You do not have full control over the hardware the vendor has chosen, so there may be some limitations, and PaaS is therefore NOT the most flexible cloud model. After carefully analyzing a specific workload, you will be able to determine if the PaaS model is a fit for it.

Infrastructure as a Service (IaaS) is a category of cloud computing services that is used by many cloud providers. With IaaS, you pay for resources such as servers, virtual machines (VMs), storage, networks, and operating systems from a cloud provider on a pay-as-you-go basis. These resources are provisioned and managed over the Internet. IaaS is used when you need complete control over the hardware that runs your application, but instead of buying hardware you rent it remotely and do not need to maintain it.

Advantages of IaaS include:
Management and the shared responsibility model are the main disadvantages of IaaS. You manage and maintain the services that the cloud provider has provisioned, and the cloud provider manages and maintains the cloud infrastructure.

With SaaS, software is centrally hosted and managed for the end customer. It is based on an architecture where one version (or a limited number of versions) of the application is used for all customers and licensed through a subscription. With SaaS there are some additional benefits.

Advantages of SaaS include:
The main disadvantage of SaaS is software limitations, because you do not have full hardware and software platform control. The software may not be able to take advantage of faster hardware or may not be compatible with updated browsers. After carefully analyzing a specific workload, you will be able to determine if the SaaS model is a fit for you.

Objective: Describe cloud concepts
Sub-Objective: Describe cloud service types

Reference

Microsoft Azure > Overview > What is IaaS?
Microsoft Azure > Overview > What is PaaS?
Microsoft Azure > Overview > What is SaaS?

AZ-900 Question 422

Exam Question

You have been told by your Chief Financial Officer to reduce costs. You want to implement Azure Spot Virtual Machines to reduce costs. Which of the following are true regarding Azure Spot Virtual Machines? Choose two.

A. Can be evicted based on the maximum price that you set.
B. Can be evicted based on capacity
C. Must be manually deleted if evicted
D. Are supported on B-series, D-series, and E-series
E. Have same SLA as regular VMs

Correct Answer

A. Can be evicted based on the maximum price that you set.

Explanation

An Azure Spot VM can be evicted based on capacity or the configured maximum price. The availability of an Azure Spot VM depends on the capacity factors such as size, region, or time of day. If capacity is exceeded, the Azure Spot VM is evicted. You can configure an eviction policy to deallocate the VM or delete the VM.

An Azure Spot VM is evicted if the maximum price is less than the current price. If the price for the VM has gone up and is currently greater than the maximum price on the VM, then the VM gets evicted. You are sent a message 30 seconds before eviction to notify you.

An Azure Spot Virtual Machine takes advantage of cost savings with unused capacity but does not offer the same SLA or high availability guarantees of regular VMs.

Azure Spot Virtual Machines are supported on all series except B-series and any promo versions of any size in a series.
B-series VMs are low-cost virtual machines.

If an Azure Spot VM is evicted, it is not deleted by default. However, you can configure the eviction policy to delete it when evicted automatically. When an Azure Spot VM is evicted, the underlying storage is deleted, so you are not charged for storage.

Objective: Describe Azure management and governance
Sub-Objective: Describe cost management in Azure

Reference

Microsoft Docs > Azure > Virtual Machines > Use Azure Spot Virtual Machines

AZ-900 Question 423

Exam Question

You are an Azure consultant for Dreamsuites Inc. The company has followed your recommendations to move to Azure DevOps Services. The local data center is slowly being deprecated, so you suggest that Azure DevTest Labs will be a useful option for developers. What are some benefits/features that DevTest Labs can offer? (Choose three.)

A. Collect security logs from operating systems
B. Azure Resource Manager templates
C. Automatically build and test code projects
D. Track costs on VM resources
E. Base Azure VM images

Correct Answer

B. Azure Resource Manager templates
D. Track costs on VM resources
E. Base Azure VM images

Explanation

Azure DevTest Labs will allow Dreamsuites to track costs on VM resources. Caps can be set on labs, limiting the number of VMs per user and per lab. A monthly Estimated Cost Trend chart is available in the Azure Portal.

Azure DevTest Labs can offer Dreamsuites the option to create base Azure VM images. This would be a curated set of VM bases that are configured and approved by the team.

Azure DevTest Labs does not include the ability to collect security logs from operating systems. However, this is a recommended task for the DevTest VMs, and can be accomplished with the Azure Security Center.

Azure DevTest Labs does not include the ability to automatically build and test code projects. That is the function of Azure Pipelines, one of the Azure DevOps services.
Azure DevTest Labs will allow Dreamsuites to use Azure Resource Manager templates. These templates can be used to quickly create new labs or modify existing labs.

Azure DevTest Labs are designed for quick setup of development or test environments. Unlike Managed (Classroom) Labs, DevTest Labs are manually created, and are managed by the enterprise. Microsoft does offer PowerShell scripts to automate DevTest lab deployment.

Objective: Describe Azure management and governance
Sub-Objective: Describe features and tools for managing and deploying Azure resources

Reference

Azure DevTest Labs
Azure > DevTest Labs > About Azure DevTest Labs
Azure > Integration of Azure DevTest Labs and Azure DevOps

AZ-900 Question 424

Exam Question

The Nutex Corporation purchased another company and is moving a large amount of that data to Azure. Which of the following statements about Azure Archive Storage are TRUE? (Choose three.)

A. A large blob takes more time than several small blobs to rehydrate.
B. Blobs that are assigned an Archive Access tier must be first rehydrated to the Cool tier and later to the Hot tier.
C. The process of making archived Blob data online and reusable is known as rehydration.
D. Deleting or rehydrating an Archive blob before 180 days invites an early deletion fee from Microsoft.
E. Data in an Archive blob cannot be copied to another Archive blob.

Correct Answer

C. The process of making archived Blob data online and reusable is known as rehydration.
D. Deleting or rehydrating an Archive blob before 180 days invites an early deletion fee from Microsoft.
E. Data in an Archive blob cannot be copied to another Archive blob.

Explanation

The following statements are true:
The data in a blob in the Archive Access tier is offline and can’t be read or modified. The archived blob metadata is online and provides the blob’s properties. The two ways of retrieving and accessing data in an archived blob are rehydration and copying the Archive blob to a hot or cool tier.

Rehydrating a blob can take up to hours. Rehydrating one large blob takes LESS time than rehydrating multiple small blobs.

Early deletion fees DO NOT apply when an archived blob is copied to an online blob. Blobs in the archive tier should be stored for a minimum of 180 days. Deleting or rehydrating archived blobs before 180 days will INCUR early deletion fees.

The Copy Blob operation can be used to copy an archived blob. The original blob is not modified during or after the copy operation. Archive blobs can only be copied to online destination tiers, hot and cool. Copying an archived blob to another archived blob is NOT supported.

Azure Archive Storage is an access tier available for blob storage. Archive Storage provides secure data transfer to the cloud using HTTPS and automatically secures that data at rest using 256-bit AES keys. Archive Storage can be used for long term backup retention, business policy mandated data archiving, and large volumes of video content and surveillance data backup retention.

Archived blobs CAN be rehydrated to a hot or cool tier. The blob’s tier can be set by using the x-ms-access-tier request header.

Objective: Describe Azure architecture and services
Sub-Objective: Describe Azure storage services

Reference

Azure > Storage > Blobs > Rehydrate blob data from the archive tier
Microsoft Docs > Set Blob Tier
Microsoft Docs > Copy Blob

AZ-900 Question 425

Exam Question

The Nutex Corporation wants to use appropriate authentication and authorization. Your team must propose effective authentication and authorization techniques. Which of the following statements about authentication and authorization are TRUE?
Drag each true statement from the left to the appropriate column on the right. Statement:
Correct Answer

Authentication
Authorization
Explanation

You should choose the following:

Multi-factor authentication is the most advanced method of authentication and uses two or more levels of security from independent categories for authentication. This authentication type utilizes factors that act independently of each other in order to minimize data exposure. It is common for financial organizations, banks, and law enforcement agencies to use multiple factors for authentication.

Authorization verifies the privileges granted to users before providing access. Access privileges are controlled by the role-based access control (RBAC) framework.

Authentication validates credentials such as the username/user ID and password to verify the user’s identity. If validated successfully, access is granted, otherwise it is denied.

Authorization lists the permissions the users have on a system, which is part of RBAC.

CAPTCHA is an authentication process that requires users to enter a pre-determined code. CAPTCHA stands for a Completely Automated Public Turing test to tell computers and humans apart. CAPTCHA prevents spam originating from automated form submissions.

Objective: Describe Azure architecture and services
Sub-Objective: Describe Azure identity, access, and security

Reference

DDI > Authentication vs Authorization
Authentication vs Authorization – What’s the difference?

AZ-900 Question 426

Exam Question

Your company needs to select the appropriate cloud model and category to deploy. Match the cloud model or category with its appropriate description.

Cloud Model/Category:
Description:
Correct Answer
Explanation

The cloud models and categories should be matched with the descriptions in the following manner:
Objective: Describe cloud concepts
Sub-Objective: Describe cloud computing

AZ-900 Question 427

Exam Question

You have been tasked to create a solution to monitor network security groups within the Dream Suites Azure subscription. Diagnostic logging for network security groups has been enabled. You need to review the logs and show details for network security group blocked flows in the last hour. What solution below will meet the requirements?

A. Azure Security Center
B. Azure Application Insights
C. Azure Log Analytics
D. Azure Service Health

Correct Answer

C. Azure Log Analytics

Explanation

Azure Log Analytics is a service that is used to collect log data from Azure and on-premises. Insights can be derived from this log repository and stored in a single workspace. A powerful expressive query language is available to transform log data into actionable insight. When turning on diagnostic logging for a network security group, you have the option to send the logs to Log Analytics to obtain further insight. This option will provide the ability to show details for network security group blocked flows in the last hour.

The Azure Security Center feature is a robust management platform that allows monitoring of threats within on-premises and Azure workloads and to fix discovered vulnerabilities quickly. This security platform provides the visibility to visually manage the security posture of your on-premises and Azure assets. This option will not provide the ability to show details for network security group blocked flows in the last hour.

The Azure Service Health dashboard is the centralized place to track planned maintenance schedules, health advisories, and health alert notifications. This option will not provide the ability to show details for network security group blocked flows in the last hour.

The Azure Application Insights solution provides the information required to understand how an app is performing and how it is being used.
This solution can be used to monitor web applications to quickly detect performance bottlenecks, diagnose issues and to help improve usability. A common use case of the Azure Application Insights solution is integrating into Visual Studio to help automate the DevOps process to provide continuous improvement. This option will not provide the ability to show details for network security group blocked flows in the last hour.

Objective: Describe Azure management and governance
Sub-Objective: Describe monitoring tools in Azure

Reference

Azure > Azure Monitor > Log Analytics > Azure networking monitoring solutions in Log Analytics

AZ-900 Question 428

Exam Question

As an Azure administrator, you are required to enable multi-factor authentication (MFA) only for applications of the IT department. How should you implement this strategy?

A. Azure Identity Protection
B. Azure Conditional Access policy
C. Azure AD Connect
D. Azure Identity Hub

Correct Answer

B. Azure Conditional Access policy

Explanation

You should use an Azure Conditional Access policy. As shown in the graphics below, with a Conditional Access policy you can choose multiple cloud apps for which you will enable multi-factor authentication.

The following graphic shows an Azure Conditional Access policy.

The following shows how to grant MFA in a Conditional Access policy:

You should not choose to use Azure Identity Protection because you cannot limit MFA to specific apps. Its aim is the detection and remediation of identity-based risks.

You should not choose to use Azure Identity Hub because it cannot achieve the requirements of the question. It allows your users to sign into your iOS, Android, PHP, Windows, web, and SharePoint apps using Facebook, ADFS, Office 365, and many more.

You should not choose to use Azure AD Connect because it is used for synchronizing on-premises users to Azure AD.
Objective:
Sub-Objective:

Reference

Microsoft Docs > Azure > Active Directory > Conditional access > Building a Conditional Access policy

AZ-900 Question 429

Exam Question

The Nutex Corporation wants to adopt the Azure Monitor solution to collect metrics and logs for their services. You are part of the Azure Administrative team that must use the metrics and logs to ensure minimal disruption to services and come up with a plan to improve the performance of the services. Match the best practice to use Azure Monitor on the left with the benefit of using the best practice on the right.

Best Practice
Benefit
Correct Answer
Explanation

You would map the best practice to use Azure Monitor with the benefit of using the best practice as follows:

The following are the best practices and the benefits:
This helps easily visualize end-to-end transactions and connections across all the components.
Workbooks help with knowledge sharing between devs and ops. Workbooks can be used as dynamic reports with metric charts and log queries, as well as troubleshooting guides that can be used by customer support or ops to handle basic problems.
Alerts can even be fed to existing ITSM tools or any other alert management system through webhooks. This allows you to design remediation with Azure Automation Runbooks or use Auto-scaling in case of elastic workloads.

Objective: Describe Azure management and governance
Sub-Objective: Describe monitoring tools in Azure

Reference

Microsoft Azure > Blog > Seven best practices for Continuous Monitoring with Azure Monitor

AZ-900 Question 430

Exam Question

You are the Azure administrator for the Nutex Corporation. You want to ensure that only users from the Marketing department can access the Azure AD application named CompanyApp through multi-factor authentication. They have to use multi-factor authentication from work and from their home office. What settings do you have to configure to ensure that only Marketing department users can access CompanyApp using a smartcard and PIN?

A. Switch Enable Access Rules to ON, Apply to Groups, and add the Marketing group. Under Rules, select Require multi-factor authentication.

Correct Answer

A. Switch Enable Access Rules to ON, Apply to Groups, and add the Marketing group. Under Rules, select Require multi-factor authentication.

Explanation

You have to switch Enable Access Rules to ON, Apply to Groups, add the Marketing group, and select Require multi-factor authentication under Rules.

First, you have to enable an application MFA access rule by configuring it to ON. You want only Marketing group to be able to use multi-factor authentication for that app, so you should create a single access rule based on one group. Because you want them to use a smartcard and PIN if they are at work or at home, you have to select Require multi-factor authentication.

You should not configure Enable Access Rules to ON, Apply to All Users, select Except, add the Marketing group, and select Require multi-factor authentication under Rules. Here you select All Users with the exception of Marketing group.
This means that all users have to use a smartcard and a PIN, except for the Marketing department users.

You should not configure OFF at Enable Access Rules. You need to enable access rules to apply multi-factor authentication requirements to the Marketing group and exclude other users from the requirement.

Objective: Describe Azure architecture and services
Sub-Objective: Describe Azure identity, access, and security

Reference

Microsoft Docs > Azure > Active Directory > Authentication > Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication
Microsoft Docs > Azure > Active Directory > Application proxy > Enable remote access to SharePoint with Azure Active Directory Application Proxy
Microsoft Docs > Azure > Active Directory > Develop > Authentication vs. authorization